Linux Kernel Problems

Problems in multiple device drivers may be exploitable by a local attacker
to gain root permissions or read kernel memory. Affected drivers include aironet,
asus_acpi, decnet, mpu401, msnd, and pss.

Under some circumstances, a missing check in the fchown() function can be abused
by a local user to change the ownership of files that the local user does not
have the permissions to change. It may be possible to exploit this problem and
gain root permissions.

A permissions problem with the file /proc/scsi/qla2300/HbaApiNode may be
exploited in a local denial-of-service attack.

Users should upgrade to repaired kernel packages supplied by their vendors.

Apache 2

The Apache 2.x line of web servers is vulnerable to a remote denial-of-service
attack that, under some conditions, may be exploitable as a buffer overflow that
results in the execution of arbitrary code running with the same permissions
as the web server. The attack uses header lines that start with a tab or a space
character to exploit a flaw in a function located in the server/protocol.c file.
On 32-bit machines, this flaw can be exploited to use all available memory, causing
Apache to stop responding and, possibly, crashing the machine. Under some conditions
on a 64-bit machine with 4GB or more of virtual memory, a related buffer overflow
may be exploitable to execute arbitrary code. The 1.3.x line of Apache web servers
is reported to not be vulnerable.

This vulnerability has been fixed in Apache 2.0.50 and all users are encouraged
to upgrade as soon as possible. There is no reported workaround for this vulnerability.

Linux Virtual Server

The Linux Virtual Server modifies the Linux kernel to provide virtual servers
that run under one kernel but have virtual user spaces with their own password
files and root logins. A flaw in the way the procfs filesystem was handled in
virtual server spaces has been discovered. The flaw allows users in one virtual
space to make changes (to permissions, ownership, etc.) to the procfs that would
apply throughout all of the virtual spaces and the host system. The procfs file
system is a virtual file system in the Linux kernel that only exists in memory
and allows userland applications access to certain information from the kernel.

Affected users of the Linux Virtual Server should upgrade to Version 1.28 as
soon as possible or, as a workaround, mount the procfs filesystem read-only on
the host system.

Pure-FTPd

Pure-FTPd is an open source FTP daemon designed to be secure and reliable and
to follow the FTP standard. It is based upon the Troll-FTPd server. The Pure-FTPd
FTP daemon is vulnerable to a denial-of-service attack that uses a bug in the
accept_client() function. When the maximum number of connections has been reached
on the FTP server, the attacker can cause Pure-FTPd to crash.

Version 1.0.19 of Pure-FTPd has been released to repair this vulnerability.

FreeBSD Linux Binary Compatibility Mode

Linux binary compatibility mode provides FreeBSD with the capability to execute
Linux binaries without having to recompile them. Bugs in the way that multiple
Linux system calls are handled may be exploitable by an attacker to read or
write portions of kernel memory, resulting in a denial-of-service condition,
the gaining of root permissions, or an information disclosure.

It is recommended that the Linux binary compatibility mode be disabled until
it has been upgraded or patched to a repaired version.

Domino

It has been reported that any user of IBM's Domino application server can, under
some conditions, change their quota limits to any arbitrary value by exploiting
a flaw in Domino's IMAP support. The Domino server and the user's email account
must have IMAP enabled before this attack can take place.

Users should watch IBM for a solution to this problem.

Shorewall

Shorewall, a tool for configuring the Linux kernel firewall Netfilter, is vulnerable
to a symbolic-link temporary-file race condition that can be exploited by a
local attacker to overwrite arbitrary files on the server with root permissions.

Affected users should upgrade to version 1.4.10f or newer as soon as possible.
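
The bug class described above, shown as an added illustration that is not Shorewall's code: a predictable temporary file name beside the mktemp form, run against a constructed symlink inside a private scratch directory. The function names and the fw-rules file prefix are hypothetical.

```shell
#!/bin/sh
# Added illustration of the symlink temp-file bug class; not Shorewall's code.
# All function and file names below are hypothetical.

# Weak pattern: a predictable name in a directory other users can write to.
# If the path already exists as a symlink, the redirect follows it and the
# script overwrites the link target with the script's own privileges.
write_rules_unsafe() {
    dir=$1
    tmp="$dir/fw-rules.tmp"
    echo "generated rules" > "$tmp"
    echo "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (mode 0600), so a pre-existing file or symlink is never reused.
write_rules_safe() {
    dir=$1
    tmp=$(mktemp "$dir/fw-rules.XXXXXX") || return 1
    echo "generated rules" > "$tmp"
    echo "$tmp"
}

# Constructed demonstration: "victim" stands in for a file the script must
# not touch; the symlink sits at the predictable path before the script runs.
demo() {
    work=$(mktemp -d) || return 1
    echo "original" > "$work/victim"
    ln -s "$work/victim" "$work/fw-rules.tmp"

    write_rules_unsafe "$work" > /dev/null
    unsafe_result=$(cat "$work/victim")      # victim was overwritten

    echo "original" > "$work/victim"         # reset for the second run
    write_rules_safe "$work" > /dev/null
    safe_result=$(cat "$work/victim")        # victim is unchanged

    rm -rf "$work"
    echo "$unsafe_result|$safe_result"
}

demo   # prints: generated rules|original
```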

All users should upgrade to a repaired version of libpng as soon as possible.

X Display Manager (XDM)

Some versions of the X Display Manager will allow users to log in even when
it is configured to not allow remote logins (i.e., DisplayManager.requestPort is
set to 0). The attacker must have access to a local account before they can
connect. Many older versions of XDM will not be vulnerable to this problem,
but it is not clear in which version the bug was introduced.

Affected users should watch their vendors for an updated version of XDM.